Version: 3.13

Use Identity Provider Initiated Logon

This topic tells you how to set up Identity Provider Initiated Logon using UAA as the authorization server and a sample Node.js web application as a web portal.

The web portal acts as an identity provider, allowing users to access the management UI with a single click by using an OAuth 2.0 token previously obtained from the authorization server.

      +------------------------+
      | IdP (for example, UAA) |
      +------------------------+
                 /\
                 | 2. get token
                 |
      +----------------+            +----------+
      | Web app Portal | ---------> | RabbitMQ | <---+
      +----------------+            +----------+     |
          /\         |                   |           | 4. 302 redirect to overview page
          |          |                   |           |    with cookie
          |          |                   +-----------+
          |          |
  1. user requests   3. POST https://rabbitmq:15671/login
     access             with access_token
     to the management UI

Access the management UI from a browser.

Prerequisites to follow this guide

  • Docker
  • A local clone of a GitHub repository, on branch next, that contains all the configuration files and scripts used in this example

Info: The commands used to start UAA, RabbitMQ, and the web portal automatically generate the X.509 certificates they require for HTTPS.

Deploy UAA

To start UAA, run:

make start-uaa

To check if UAA is running, run:

docker ps | grep uaa

Deploy RabbitMQ

To start RabbitMQ, run:

export MODE=portal
OAUTH_PROVIDER=uaa make start-rabbitmq

Tip: Ensure that RabbitMQ is deployed with the version you expect by searching for Running RabbitMQ (<image>:<image_tag>) in the output of docker logs rabbitmq.

Info: To start one specific version of RabbitMQ, run this command instead:

MODE=portal OAUTH_PROVIDER=uaa IMAGE=rabbitmq IMAGE_TAG=<YourVersion> make start-rabbitmq

Deploy Portal

To start Portal, run:

make start-portal

Verify management UI flows

To verify management UI flows:

  1. Go to the portal https://localhost:3000.
  2. Click the button https://localhost:15671 for rabbit_idp_user, which redirects you to the RabbitMQ management UI fully authenticated.

Info: rabbit_idp_user is the OAuth client the portal uses to obtain an access token to test this flow. This OAuth client is declared in UAA.

Warning: When you visit https://localhost:3000, you get a browser warning because of the error net::ERR_CERT_AUTHORITY_INVALID. This is because the portal is using a self-signed certificate. Click Proceed to localhost (unsafe) to accept it.
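
Steps 2 and 3 of the diagram, sketched in Node.js as an added example (this is not the sample portal's own code). It assumes the portal uses the OAuth 2.0 client-credentials grant against a token endpoint you pass in; the function names, the endpoint URL and the client secret are hypothetical.

```javascript
// Added example, not the tutorial's portal code. Assumptions: client-credentials
// grant, caller-supplied token endpoint URL, hypothetical helper names.

// Step 2: the token request the portal sends to the IdP for its OAuth client.
function buildTokenRequest(tokenEndpoint, clientId, clientSecret) {
  const basic = Buffer.from(`${clientId}:${clientSecret}`).toString("base64");
  return {
    url: new URL(tokenEndpoint).toString(),
    init: {
      method: "POST",
      headers: {
        Authorization: `Basic ${basic}`,
        "Content-Type": "application/x-www-form-urlencoded",
        Accept: "application/json",
      },
      body: new URLSearchParams({ grant_type: "client_credentials" }).toString(),
    },
  };
}

// Step 2, executed: needs a reachable IdP, so nothing calls it at load time.
async function fetchAccessToken(tokenEndpoint, clientId, clientSecret) {
  const { url, init } = buildTokenRequest(tokenEndpoint, clientId, clientSecret);
  const res = await fetch(url, init);
  if (!res.ok) throw new Error(`token request failed: HTTP ${res.status}`);
  const { access_token: token } = await res.json();
  if (!token) throw new Error("IdP response carried no access_token");
  return token;
}

const escapeHtml = (s) =>
  String(s).replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);

// Step 3: a page whose form POSTs the token to RabbitMQ's /login endpoint.
// The token travels in the request body, never in a URL, so it stays out of
// browser history, Referer headers and access logs.
function renderLoginPage(rabbitBaseUrl, accessToken) {
  const target = new URL("/login", rabbitBaseUrl);
  if (target.protocol !== "https:") throw new Error("RabbitMQ URL must be https");
  return {
    headers: { "Content-Type": "text/html; charset=utf-8", "Cache-Control": "no-store" },
    body: `<!doctype html><form method="post" action="${escapeHtml(target)}">` +
      `<input type="hidden" name="access_token" value="${escapeHtml(accessToken)}">` +
      `<button type="submit">${escapeHtml(target.origin)}</button></form>`,
  };
}
```

A portal route would await fetchAccessToken(...) and send the headers and body returned by renderLoginPage("https://localhost:15671", token); RabbitMQ then answers the form POST with the 302 and cookie shown as step 4.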